Published: Sat 11 Jan 2025
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post.
Note: This product uses data from the NVD API but is not endorsed or certified by the NVD.
Stay informed with product updates and security tips delivered to your inbox; no spam.